Enterprise content management (ECM) covers a broad range of applications, including document management (DM), Web content management (WCM), records management (RM), digital asset management (DAM), search of managed content, and the like. A system for managing such content can be generally referred to as a content management system (CMS) and can be configured with features suitable for managing the various content items (also referred to herein in some examples as “files” or “documents”) that an enterprise produces or generates, retains or otherwise stores, manipulates or modifies, etc. A CMS can support the requirements of one or more applications including DM, WCM, RM, DAM, search, etc., and optionally other requirements, to provide a coherent solution in which content processes, management processes, and the like are capable of accessing content across a variety of applications subject to access controls, permissions, and the like. Content (in the form of content items) managed by a CMS can include one or more of documents, images, photos, Web pages, records, XML documents, other unstructured or semi-structured files, etc. Content retained in a CMS can also include directory structures (also referred to as file structure hierarchies) such as folders, file trees, file plans, or the like, which can provide organization for multiple content items in addition to storing or otherwise representing relationships between content item, etc. Any kinds of content items can generally have metadata associated therewith. The metadata can include date or time information (last opened, last saved, created, disposal date, etc.) file size, location (e.g. where a photographic image was taken), information about creation or a current state or storage location of the content item (e.g. camera settings for a photo, IP addresses of computers that have previously been used to access the content item, network traffic histories, etc.), or any other information that may be desirable to store.
An “enterprise” can generally refer to an organization, such as for example a business or company, a foundation, a government, a university, a department or sub-organization of one of these entities, or the like, and can have content requirements related to one or more business processes, content uses, etc. Also, for the purposes of this disclosure, the term “document” may be used interchangeably to refer to any kind of content item that may be stored in or managed by a CMS. The terms “folder” or “directory” can refer to a logical organizing structure that can be used in a CMS to group or otherwise assist a user in browsing for documents stored in or otherwise managed by the CMS.
A CMS manages the actual digital binary content, the metadata that describes a context of each document, associations between a document and other content or documents, a place and classification of a content item in a repository, indexes for finding and accessing content items, and the like. The CMS can also manage processes and lifecycles of content items to ensure that this information is correct. The CMS can also manage one or more workflows for capturing, storing, and distributing content, as well as the lifecycle for how long content will be retained and what happens after that retention period.
A CMS can be configured to maintain the security of content items managed by the CMS. One aspect of ensuring security of content items in a CMS can involve limiting access to certain content items (or groups of content items) to some subset of all of the users who can access the CMS. While in some examples content that is particularly sensitive may be encrypted such that users who lack the proper encryption key or keys cannot open, view, modify, or otherwise access the content, in other examples access restrictions may be additionally or alternatively handled by the use of access permissions, which can be applied to individual users or groups of users (e.g. according to designated roles within an enterprise) or processes that access data (e.g. business processes. A user lacking the proper credentials for a given content item is generally prevented from opening (or performing any other file actions on) that content item. In some examples, a user who lacks access permissions for a given content item may be prevented from being allowed to even “discover” a content item, which means that the content item is effectively hidden from view—in searches or in browsing to a folder or other file structure containing such a content item, the user should not even be given an indication that the content item exists.